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DETAILED ACTION 

Response to Arguments 



Applicant argues that "Matyas describes a system and technique wherein a first input to 
the cryptographic algorithm is the PIN (in common with applicant's claimed system) but 
a second input is an IBM 3624-formatted PIN that is derived from validation data and a 
PIN validation key (which is derived from the PIN- specifically contrary to applicants' 
claims) (pg. 14 of Remarks)." 

The Examiner respectfully disagrees. The first PIN in both cases is a customer 
selected PIN. In Matyas however the second input is an Intermediate PIN which is 
independent from the customer selected PIN. 

As Applicant's specification describes "One technique determines a PIN offset as 
a... difference of a natural PIN and a customer selected PIN. (Paragraph [0005])." The 
Natural PIN (the Intermediate PIN in Matyas) is the PAN encrypted with the PGK. As 
the natural PIN is distinct from the customer selected PIN, the cited second input is 
already independent of the PIN . Therefore the argument that Matyas does not teach 
wherein the second input block is independent of the (secret) PIN is found to be 
unpersuasive. 



Application/Control Number: 10/749,200 Page 3 

Art Unit: 2439 

Applicant argues that "Vernam does not teach first and second ciphtertexts that 
are formed and combined to produce a ciphertext, but rather merely disclose 
combination of a plaintext block with a ciphertext block." 

Vernam teaches taking two inputs and using XOR to produce a ciphertext. 
Whether or not the inputs are ciphertext or plaintext should be directed to the 
Coppersmith reference. 

Therefore the Examiner finds the argument that Vernam does not teach first and 
second ciphertext" to be unpersuasive. 

The Applicant argues that "while Briachtl discloses the general concept of escrow 
storage, the combined references do not teach storing a ciphertext block in the escrow 
storage to facilitate recovery of the secret PIN." 

The Examiner maintains that it would have been obvious to one of ordinary skill 
in the art at the time of the invention to combine the teachings of Coppersmith and 
Vernam with an escrow storage and that the results would be predictable. 

The remaining arguments are derived from the above and are rejected for the 
same rationale. 



Claim Rejections - 35 USC § 103 
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The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 1 03(a). 

Claims 1-3, 7-10, 11-13, 16-21 and 24-31 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Matyas in view of Coppersmith. 

Regarding Claims 1-2, 7 and 9 
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Matyas teaches a first input block that is a text block containing a secret PIN, a 
second input block derived from a non-secret entity identifier independent of the PIN , 
and a PIN verification Key. (See Figure 10, also Column 22, especially "KPV is the 64-bit PIN 
validation key. . .PIN is a 64 bit input PIN in clear form... valid data is a 64 bit users data padding 
included") 

Matyas does not explicitly teach a plurality of cipher blocks linked in a Cipher 
Block Chain (CBC) and keyed with a Key; 

a first input block coupled to a first cipher block in the CBC chain capable of 
receiving a text block. 

and a second input block coupled to a second cipher block in the CBC chain 
capable of receiving a text block and ciphertext from a cipher block in the CBC chain. 

a logical operator that exclusive-ORs the plaintext block derived from the secret 
PIN with an initialization vector to produce an initialized block 

a first encryptor that encrypts the initialized block using 3-DES encryption to 
produce a first ciphertext block ; 

a logical operator that exclusive-ORs the plaintext block derived from the with 
the first ciphertext block to produce a chained block; 

and a second encryptor that encrypts the chained block using 3-DES encryption 
to produce a second ciphertext block 

Coppersmith teaches an apparatus comprising: 
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a plurality of cipher blocks linked in a Cipher Block Chain (CBC) and keyed with a 
Key; (Figure 1 shows Triple-DES external feedback cipher block chaining) 

a first input block (Figure 1, X1) coupled to a first cipher block (Figure 1, Y1) in the 
CBC chain capable of receiving a text block. 

and a second input block (Figure 1, X2) coupled to a second cipher block (Figure 1, 
Y2) in the CBC chain capable of receiving a text block and ciphertext from a cipher 
block in the CBC chain. 

a logical operator that exclusive-ORs the plaintext block derived from the secret 
PIN with an initialization vector to produce an initialized block (Figure 1, the Examiner 
interprets IV as being the initialization vector, and X1 as the plaintext block. The Examiner 
interprets the XORed result of IV and X1 as the initialized block); 

a first encryptor that encrypts the initialized block using 3-DES encryption to 
produce a first ciphertext block ; (Figure 1. The Examiner interprets the first encryptor as the 
Triple-DES encryptor between X1 and Y1) 

a logical operator that exclusive-ORs the plaintext block derived from the with 
the first ciphertext block to produce a chained block; (Figure 1. The Examiner interprets 
the first ciphertext block as Y1 and the plaintext block as X2 and the XOR in between as the 
logical operator) 

and a second encryptor that encrypts the chained block using 3-DES encryption 
to produce a second ciphertext block (Figure 1. The Examiner interprets the second 
encryptor as the Triple-DES encryptor between X2 and Y2) 
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It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Matyas to use the Triple DES encryption as taught by Coppersmith. 

The claim would have been obvious because the substitution of one known 
element (Triple DES taught by Coppersmith for Block cipher of Matyas) would have 
yielded predictable results to one of ordinary skill in the art at the time of the invention. 
The substitution would be particularly obvious because Triple DES is a well known type 
of Block Ciphering. 



Regarding Claim 3, 

Matyas and Coppersmith teaches the apparatus according to claim 2 wherein: 
the PIN verification apparatus operates in a reversible mode that enables recovery of 
the secret PIN from the second ciphertext block, ("the customer's PIN is recovered from 
the decrypted PIN block" Column 4) 

Claim 4-5 is rejected under 35 U.S.C. 103(a) as being unpatentable over Matyas 
in view of Coppersmith further in view of Vernam (131 071 9). 



Regarding Claims 4 and 5, 
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Matyas and Coppersmith teach the apparatus according to claim 2. However 
they do not explicitly teach further comprising: a logical operator that exclusive-ORs the 
first ciphertext block with the second ciphertext block to produce a third ciphertext 
block. 

Vernam teaches a cipher that takes in two inputs and XORs them together to 
produce a ciphertext. The Vernam cipher has been a well known way to provide further 
encryption since 1919. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to XOR together the first and second ciphertext block to produce a third 
ciphertext block. 

The motivation is to provide further encryption. 

It is inherent that a PIN verification apparatus operates in an irreversible mode 
when the secret key is not possessed. 

Regarding Claim 8, 

Matyas and Coppersmith teach the apparatus according to Claim 1 . 

Matyas teaches a format converter capable of converting hexadecimal digit 
ciphertext to decimal result by scanning the hexadecimal digit ciphertext, selecting a 
predetermined number of numeric digits, and generating output digits. (Figure 9 shows 
a hexadecimal ciphertext input into a decimalization table. The Examiner interprets the 
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output digits as the PIN Verification Value. The Examiner further interprets that it is 
inherent that a predetermined number of digits must first be selected before converting 
from hex to decimal. 

Regarding Claim 10, 

Matyas and Coppersmith teaches the apparatus according to claim I. 

Matyas teaches a length digit ("a-pin-len is the number (1-16) indicating how many 
digits the generated PIN is assigned to the customer" Column 20, lines 53-53, x hexadecimal 
digits of the secret PIN ("CPIN is a. ..customer selected PIN in clear form" Column 20, lines 
41-47), a non-secret identifier and a pad character for the non-secret identifier that is 
repeated 16- (number of digits in the non-secret identifier) times ("val-data, Validation 
data is a 64-bit plain user's data, padding included. Ordinarily it will be the user's PAN" Column 
20, lines 51-53). 

Coppersmith and Mayas do not explicitly teach a first formatter configured to 
construct a first incoming plaintext block from a concatenation of a length digit x 
hexadecimal digits of the secret Personal Identification Number (PIN) with 16-(x+1) 
rightmost hexadecimal digits of the non-secret entity-identifier; 

and a second formatter configured to construct a second incoming plaintext block 
from a concatenation of y hexadecimal digits of the non-secret entity-identifier with a 
pad character that is repeated 16-y times. 
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It would have been obvious to one of ordinary skill in the art at the time of the 
invention to construct a first plaintext block by concatenating a length digit with x 
hexadecimal digits of a PIN and 16-(x+1) hexadecimal digits of a non-secret entity 
identifier, and to construct a second plaintext block by concatenating y hexadecimal 
digits of the non-secret entity-identifier with a pad character that is repeated 16-y times. 

The motivation to construct the first plaintext block by concatenating a length digit 
with a PIN and 16-(x+1) digits is firstly because it is a plaintext block and the user can 
choose to input the block in any suitable format. The IBM 3624 format already includes 
the length digit, the PIN as well as a pad for the PIN that is 16-x in length. It would have 
been very obvious to one of ordinary skill to modify the IBM 3624 format to include 
these three inputs in a first format. 

The motivation to construct the second plaintext block by concatenating y 
hexadecimal digits of the non-secret entity identifier with a pad character that is 
repeated 16-y times is that the non-secret entity identifier (val-data) already comes 
padded in the IBM 3624 format. Without any modification the user could, as their 
design choice, input the val-data into the second plaintext block as described in 
Coppersmith. The concatenation of elements already taught by the prior art (length 
digit, hex digit, non-secret entity, etc.) would yield predictable results to one of ordinary 
skill in the art. 
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Regarding Claims 11-13, 18, 20-21, 28-31 

Matyas teaches a data security apparatus comprising: 

an enrollment terminal capable of accepting a magnetic stripe card storing a non- 
secret entity-identifier and an entity-selected secret Personal Identification Number 
(PIN); (Figure 3, EFT Terminal accepts a PIN and is capable of storing non secret entity 
identifier) 

a processor coupled to the enrollment terminal and capable of receiving the 
entity-identifier and the PIN; (It is inherent that the EFT Terminal has a processor capable of 
receiving the entity-identifier) 

and a memory coupled to the processor (It is inherent that the EFT Terminal has 
memory with code embodied on it) and having a computable readable program code 
embodied therein capable of causing the processor to enroll a PIN (Figure 3. Create PIN 
block): 

a database capable of storing a plurality of PIN Verification Values (PWs) for 
enrolled magnetic stripe cards; (Figure 3, Customer Accounts Database). 

an escrow capable of storing a plurality of escrow values associated with at least 
some of the enrolled magnetic stripe cards; (Figure 3, Institution Yis capable of storing 
escrow values) 
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and a processor coupled to the database and the escrow and capable of 
receiving an entity-identifier, a PIN Verification Value (PW) associated to the entity- 
identifier, and at least one escrow value associated to the entity-identifier; (Figure 3, 
HPC, or the Host Processing Center inherently has a processor that is capable or 
receiving identifiers and values) 

and a memory coupled to the processor and having a computable readable 
program code embodied therein capable of causing the processor to recover a PIN. 
(Figure 3, The HPC and Institution Y inherently have memories capable of causing the 
processor to recover a PIN as shown by the Verify PIN function) 

a plurality of terminals coupled to the servers via the network (Figure 1, EFT 
Terminals); 

a plurality of magnetic stripe cards enrolled in the transaction system and 
capable of insertion into the on-line terminals and performing transactions via the 
servers; ("Consider the network configuration as shown in Fig 1. The entry point at which 
transaction requests are intiated, such as a point of sale (POS) terminal or an automated teller 
machine (ATM), is defined as an EFT terminal." Column 2, lines 46-49). It is inherent that an 
ATM includes a plurality of magnetic stripe cards enrolled in the transaction system and 
capable of insertion into the online terminals and performing transactions via the servers. 

and a plurality of processors distributed among the servers, hosts, and/or the 
terminals, at least one of the processors being capable of executing PIN verification 
using a magnetic stripe card. (Figure 1, the Host Processing center and the terminals 
inherently have processors, of which the processors are capable of executing PIN verification) 
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means for writing the PW to a transaction card for subsequent PIN verification 
(Figure 5, shows the Remote Card Issuing Station writing PIN information to a transaction card 
via the Card Writer) 

Matyas teaches a first input block that is a text block containing a secret PIN, a 
second input block derived from a non-secret entity identifier, and a PIN verification 
Key. (See Figure 10, also Column 22, especially "KPV is the 64-bit PIN validation key... PIN is a 
64 bit input PIN in clear form., .valid data is a 64 bit users data padding included") 

Matyas does not teach a method of linking a plurality of cipher blocks, applying 
incoming plaintext blocks to cipher blocks, keying the cipher blocks with a key, XORing 
the plaintext block with an initialization vector, encrypting the initialized block using 
tripled DES encryptiong, XORing the plaintext block with the first ciphertext block, 
encrypting the chained block using triple DES encryption, and outputting the second 
cipher block. 

Coppersmith teaches a method comprising: 

linking a plurality of cipher blocks in a Cipher Block Chain (CBC); (Figure 1 shows 
Triple-DES external feedback cipher block chaining) 

applying an incoming plaintext block to one of the plurality of cipher blocks; 
(Figure 1 shows applying the plaintext block (X1) to a cipher block (Y1)) 

applying an incoming plaintext block derived from a non-secret entity-identifier 
and ciphertext from a cipher block in the CBC chain; (Figure 1 shows applying the 



Application/Control Number: 10/749,200 Page 14 

Art Unit: 2439 

plaintext block (X2) to a cipher block (Y2)) The Examiner interprets the X1 as the non-secret 
entity identifier and Y2 as the cipher block. 

keying the plurality of cipher blocks with a Key; and executing the cipher blocks 
resulting in generation of ciphertext (Figure 1. shows the plaintext being keyed (K1-K3) 
resulting in the generation of ciphertext. 

exclusive-ORing the plaintext block with an initialization vector to produce an 
initialized block; (Figure 1, the Examiner interprets IV as being the initialization vector, and 
X1 as the plaintext block. The Examiner interprets the XORed result of IV and X1 as the 
initialized block); 

encrypting the initialized block using triple Data Encryption Standard (3-DES) 
encryption to produce a first ciphertext block; (Figure 1. The Examiner interprets the first 
encryptor as the Triple-DES encryptor between X1 and Y1) 

exclusive-ORing the plaintext block with the first ciphertext block to produce a 
chained block; (Figure 1. The Examiner interprets the first ciphertext block as Y1 and the 
plaintext block as X2 and the XOR in between as the logical operator) 

encrypting the chained block using triple Data Encryption Standard (3-DES) 
encryption to produce a second ciphertext block; (Figure 1. The Examiner interprets the 
second encryptor as the Triple-DES encryptor between X2 and Y2) 

and outputting the second ciphertext block {The Examiner interprets the output of 
the second ciphertext block as supplying information) 

It is inherent that with the proper key information the original cleartext can be 
recovered. 
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It would have been obvious to one of ordinary skill in the art at the time of the 
invention to have the processor of Matyas perform the method of Coppersmith. 

The motivation is that the method of using a CBC using triple-DES encryption is 
well known in the art. One of ordinary skill would be able to use the method of 
Coppersmith on the terminal of Matyas for the purpose of PIN encryption. 

Coppersmith however does not teach that the first input block that is a text block 
contains a secret PIN. Coppersmith further does not teach that the second input block 
is derived from a non-secret entity-identifier. Coppersmith does not teach that the key 
is a Pin Verification Key. Coppersmith does not teach that the output of the second 
ciphertext block is to be used for the purpose of PIN verification. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to have the system of Coppersmith input a secret PIN in the first input block 
and input a non-secret identifier in the second input block and have the key be a PIN 
verification key. 

The motivation is that the system of Coppersmith without any modification can 
take the inputs of a secret PIN and the non-secret identifier and using a key output a 
Pin Verification Value. Furthermore CBC can generate ciphertext for any field. One of 
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ordinary skill in the art would be able to take the ciphertext generated from the inputs 
for the purpose of PIN verification. 



Regarding Claims 16 and 24, 

Matyas and Coppersmith teach the method according to claim 1 1 and the 
security apparatus that invokes the method in claim 20. 

Matyas teaches a format converter capable of converting hexadecimal digit 
ciphertext to decimal result by scanning the hexadecimal digit ciphertext, selecting a 
predetermined number of numeric digits, and generating output digits. (Figure 9 shows 
a hexadecimal ciphertext input into a decimalization table. The Examiner interprets the 
output digits as the PIN Verification Value. The Examiner further interprets that it is 
inherent that a predetermined number of digits must first be selected before converting 
from hex to decimal. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the PIN verification apparatus of Coppersmith with the format 
converter of Matyas. 

The motivation is that Figure 9 describes the IBM 3624, including the format 
converter. This PIN verification apparatus is very well known in the PIN verification art 
and has been in use since the late 1970's. Therefore one of ordinary skill in the art 
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would know to add a hexadecimal to decimal format converter to a PIN verification 
apparatus and the results would be predictable. 

Regarding Claims 17 and 25, 

Matyas and Coppersmith teach the method according to claim 1 1 and the 
security apparatus that invokes the method in claim 20. Matyas and Coppersmith do 
not explicitly teach supplying hexadecimal digit ciphertext generated by a final 
ciphertext block in the Cipher Block Chain (CBC) as a PIN Verification Value (PW). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to have the final ciphertext be in hexadecimal format. 

The claim would have been obvious because the substitution of one known 
format for another (hexadecimal) would have yielded predictable results to one of 
ordinary skill in the art at the time of the invention. 

Regarding Claims 19 and 27, 

Matyas and Coppersmith teaches the method according to claim 1 1 and the 
security apparatus that invokes the method in claim 20. 

Matyas teaches a length digit ("a-pin-len is the number (1-16) indicating how many 
digits the generated PIN is assigned to the customer" Column 20, lines 53-53, x hexadecimal 
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digits of the secret PIN ("CPIN is a... customer selected PIN in clear form" Column 20, lines 
41-47), a non-secret identifier and a pad character for the non-secret identifier that is 
repeated 16- (number of digits in the non-secret identifier) times ("val-data, Validation 
data is a 64-bit plain user's data, padding included. Ordinarily it will be the user's PAN" Column 
20, lines 51-53). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify the apparatus of Coppersmith with the inputs of Mayas. 

The motivation to combine is that Mayas discloses the inputs of the Generate 
IBM 3624 PIN process. This PIN verification apparatus is very well known in the PIN 
verification art and has been in use since the late 1970's. Therefore one of ordinary 
skill in the art would know of these inputs. 

Coppersmith and Matyas do not explicitly teach a first formatter configured to 
construct a first incoming plaintext block from a concatenation of a length digit x 
hexadecimal digits of the secret Personal Identification Number (PIN) with 16-(x+1) 
rightmost hexadecimal digits of the non-secret entity-identifier; 

and a second formatter configured to construct a second incoming plaintext block 
from a concatenation of y hexadecimal digits of the non-secret entity-identifier with a 
pad character that is repeated 16-y times. 
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It would have been obvious to one of ordinary skill in the art at the time of the 
invention to construct a first plaintext block by concatenating a length digit with x 
hexadecimal digits of a PIN and 16-(x+1) hexadecimal digits of a non-secret entity 
identifier, and to construct a second plaintext block by concatenating y hexadecimal 
digits of the non-secret entity-identifier with a pad character that is repeated 16-y times. 

The motivation to construct the first plaintext block by concatenating a length digit 
with a PIN and 16-(x+1 ) digits is firstly because it is a plaintext block and the user can 
choose to input the block in any suitable format. The IBM 3624 format already includes 
the length digit, the PIN as well as a pad for the PIN that is 16-x in length. It would have 
been very obvious to one of ordinary skill to modify the IBM 3624 format to include 
these three inputs in a first format. 

The motivation to construct the second plaintext block by concatenating y 
hexadecimal digits of the non-secret entity identifier with a pad character that is 
repeated 16-y times is that the non-secret entity identifier (val-data) already comes 
padded in the IBM 3624 format. Without any modification the user could, as their 
design choice, input the val-data into the second plaintext block as described in 
Coppersmith. 

The concatenation of elements already taught by the prior art (length digit, hex 
digit, non-secret entity, etc.) would yield predictable results to one of ordinary skill in 
the art. 
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Claims 14 and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Matyas in view of Coppersmith as applied to claims 1 1 and 20 above, and further 
in view of Vernam. 

Regarding Claims 14 and 22, 

Matyas and Coppersmith teach the method according to claim 1 1 and the 
security apparatus that invokes the method in claim 20 wherein the PIN verification 
method is capable of operating in an irreversible mode that obstructs recovery of the 
secret PIN, the method comprising: 

exclusive-ORing the plaintext block with an initialization vector to produce an 
initialized block; (Figure 1 of Coppersmith, the Examiner interprets IV as being the 
initialization vector, andX1 as the plaintext block. The Examiner interprets the XORed result of 
IV and X1 as the initialized block); 

encrypting the initialized block using triple Data Encryption Standard (3-DES) 
encryption to produce a first ciphertext block; (Figure 1 of Coppersmith. The Examiner 
interprets the first encryptor as the Triple-DES encryptor between X1 and Y1 ) 

exclusive-ORing the plaintext block with the first ciphertext block to produce a 
chained block; (Figure 1 of Coppersmith. The Examiner interprets the first ciphertext block 
as Y1 and the plaintext block as X2 and the XOR in between as the logical operator) 
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encrypting the chained block using triple Data Encryption Standard (3-DES) 
encryption to produce a second ciphertext block; (Figure 1 of Coppersmith. The Examiner 
interprets the second encryptor as the Triple-DES encryptor between X2 and Y2) 

and outputting the second ciphertext block {The Examiner interprets the output of 
the second ciphertext block as supplying information) 

Coppersmith does not exclusively teach exclusive-ORing the first ciphertext block 
with the second ciphertext block to produce a third ciphertext block; 

Vernam teaches a cipher that takes in two inputs and XORs them together to 
produce a ciphertext. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to XOR together the first and second ciphertext block to produce a third 
ciphertext block. 

The motivation is to provide further encryption. 

It is inherent that a PIN verification apparatus operates in an irreversible mode 
when the secret key is not possessed. 



Application/Control Number: 10/749,200 Page 22 

Art Unit: 2439 

Claims 6, 15, 23 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Matyas in view of Coppersmith in view of Vernam, and further in view of Brachtl. 



Regarding Claim 6, 

Matyas Coppersmith and Vernam teach the apparatus according to claim 5. 
Coppersmith and Vernam do not further teach: an escrow storage coupled to the 
second encryptor and capable of storing the second ciphertext block. 

Brachtl teaches an escrow storage coupled to a second encryptor capable of 
storing a second ciphertext block. ("The quantities AP KTR1 and KTR2 are stored at the 
issuer's data processing center enciphered under the second variant (KM2) of the issuer's 
master key and associated together and enclosed by the PAN for the user. The quantities 
PAN, PIN and KP for the user are also stored offline. " Column 7, lines 49-56) 

The Examiner interprets the escrow storage as the issuer's data processing center. The 
Examiner interprets the storage coupled to a second encryptor as the quantities being 
enciphered under the second variant. The Examiner further interprets that the second 
ciphertext block is capable of being stored. 



It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the teachings of Coppersmith and Vernam with an escrow storage. 
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The motivation is firstly "for backup purposes" Column 7, line 55. The second 
motivation is that the reference is a patent from 1988 so therefore it has been well 
known to store data in an escrow storage in the PIN verification art. 

Regarding Claims 15 and 23, 

Matyas, Coppersmith and Vernam teach the method and the security apparatus 
according to claim 14. The cited references do not further teach: storing the second 
ciphertext block in at least one escrow to facilitate recovery of the secret PIN. 

Brachtl teaches an escrow storage coupled to a second encryptor capable of 
storing a second ciphertext block. ("The quantities AP KTR1 and KTR2 are stored at the 
issuer's data processing center enciphered under the second variant (KM2) of the issuer's 
master key and associated together and enclosed by the PAN for the user. The quantities 
PAN, PIN and KP for the user are also stored offline. " Column 7, lines 49-56) 

The Examiner interprets the escrow storage as the issuer's data processing center. The 
Examiner interprets the storage coupled to a second encryptor as the quantities being 
enciphered under the second variant. The Examiner further interprets that the second 
ciphertext block is capable of being stored. 



It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the teachings of Coppersmith and Vernam with an escrow storage. 
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The motivation is firstly "for backup purposes" Column 7, line 55. The second 
motivation is that the reference is a patent from 1988 so therefore it has been well 
known to store data in an escrow storage in the PIN verification art 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to HARRIS C. WANG whose telephone number is 
(571)270-1462. The examiner can normally be reached on M-F 9-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, EDAN ORGAD can be reached on (571) 272-7884. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Harris C Wang/ 
Examiner, Art Unit 2439 



/Edan Orgad/ 

Supervisory Patent Examiner, Art Unit 2439 



